diff --git a/fuzzers/forkserver_libafl_cc/src/main.rs b/fuzzers/forkserver_libafl_cc/src/main.rs
index 46b4b58a93..899da87462 100644
--- a/fuzzers/forkserver_libafl_cc/src/main.rs
+++ b/fuzzers/forkserver_libafl_cc/src/main.rs
@@ -25,7 +25,7 @@ use libafl_bolts::{
 tuples::{tuple_list, MatchName, Merge},
 AsMutSlice, Truncate,
 };
-use libafl_targets::{EDGES_MAP_PTR, EDGES_MAP_SIZE};
+use libafl_targets::{EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE};
 use nix::sys::signal::Signal;
 /// The commandline args this fuzzer accepts
@@ -86,7 +86,7 @@ struct Opt {
 #[allow(clippy::similar_names)]
 pub fn main() {
- const MAP_SIZE: usize = EDGES_MAP_SIZE; //65536;
+ const MAP_SIZE: usize = EDGES_MAP_SIZE_IN_USE; //65536;
 let opt = Opt::parse();
 let corpus_dirs: Vec = [opt.in_dir].to_vec();
@@ -99,7 +99,8 @@ pub fn main() {
 // let the forkserver know the shmid
 shmem.write_to_env("__AFL_SHM_ID").unwrap();
 let shmem_buf = shmem.as_mut_slice();
- unsafe { EDGES_MAP_PTR = shmem_buf.as_mut_ptr() };
+ // the next line is not needed
+ // unsafe { EDGES_MAP_PTR = shmem_buf.as_mut_ptr() };
 // Create an observation channel using the signals map
 let edges_observer = unsafe {
diff --git a/fuzzers/fuzzbench_ctx/src/lib.rs b/fuzzers/fuzzbench_ctx/src/lib.rs
index a2ec8919e9..553a0478ce 100644
--- a/fuzzers/fuzzbench_ctx/src/lib.rs
+++ b/fuzzers/fuzzbench_ctx/src/lib.rs
@@ -55,7 +55,7 @@ use libafl_bolts::{
 use libafl_targets::autotokens;
 use libafl_targets::{
 edges_map_mut_ptr, libfuzzer_initialize, libfuzzer_test_one_input, CmpLogObserver, CtxHook,
- EDGES_MAP_SIZE,
+ EDGES_MAP_SIZE_IN_USE,
 };
 #[cfg(unix)]
 use nix::unistd::dup;
@@ -250,7 +250,7 @@ fn fuzz(
 let edges_observer = HitcountsMapObserver::new(unsafe {
 StdMapObserver::from_mut_slice(
 "edges",
- OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_SIZE),
+ OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_SIZE_IN_USE),
 )
 })
 .track_indices();
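Review bot: The third hunk of fuzzers/forkserver_libafl_cc/src/main.rs keeps the old `EDGES_MAP_PTR` assignment as a commented-out line under `// the next line is not needed`, which is dead code a later reader has to puzzle over; delete both lines instead. If that assignment was the only use of `EDGES_MAP_PTR` in this fuzzer, the `use libafl_targets::{EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE};` line in the first hunk now carries an unused import and should shrink to `use libafl_targets::EDGES_MAP_SIZE_IN_USE;`. If the reason for dropping the assignment is worth recording, a one-line comment stating it (presumably that the map is handed to the forkserver child through the shared memory id written to `__AFL_SHM_ID`, so the parent-side global is never read) is more useful than the retained code. `main` continues outside the hunk.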
diff --git a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
index 735867f8d4..f69c45c24d 100644
--- a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
+++ b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
@@ -47,7 +47,7 @@ use libafl_bolts::{
 };
 use libafl_qemu::{
 cmplog::{CmpLogMap, CmpLogObserver, QemuCmpLogChildHelper},
- edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE},
+ edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE},
 elf::EasyElf,
 filter_qemu_args,
 hooks::QemuHooks,
@@ -208,7 +208,7 @@ fn fuzz(
 let mut shmem_provider = StdShMemProvider::new()?;
- let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE).unwrap();
+ let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE_IN_USE).unwrap();
 let edges = edges_shmem.as_mut_slice();
 unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
@@ -235,7 +235,7 @@ fn fuzz(
 // Create an observation channel using the coverage map
 let edges_observer = unsafe {
- HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE>::from_mut_ptr(
+ HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE_IN_USE>::from_mut_ptr(
 "edges",
 edges.as_mut_ptr(),
 ))
diff --git a/fuzzers/qemu_cmin/src/fuzzer.rs b/fuzzers/qemu_cmin/src/fuzzer.rs
index ccc0861806..6ccb40c1cb 100644
--- a/fuzzers/qemu_cmin/src/fuzzer.rs
+++ b/fuzzers/qemu_cmin/src/fuzzer.rs
@@ -28,7 +28,7 @@ use libafl_bolts::{
 AsMutSlice, AsSlice,
 };
 use libafl_qemu::{
- edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE},
+ edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE},
 elf::EasyElf,
 emu::Emulator,
 ArchExtras, CallingConvention, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExitReason,
@@ -158,12 +158,12 @@ pub fn fuzz() -> Result<(), Error> {
 },
 };
- let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE).unwrap();
+ let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE_IN_USE).unwrap();
 let edges = edges_shmem.as_mut_slice();
 unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
 let edges_observer = unsafe {
- HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE>::from_mut_ptr(
+ HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE_IN_USE>::from_mut_ptr(
 "edges",
 edges.as_mut_ptr(),
 ))
diff --git a/libafl_cc/build.rs b/libafl_cc/build.rs
index b176a4973a..3b63ed86de 100644
--- a/libafl_cc/build.rs
+++ b/libafl_cc/build.rs
@@ -238,7 +238,7 @@ fn main() {
 println!("cargo:rerun-if-env-changed=LLVM_CXXFLAGS");
 println!("cargo:rerun-if-env-changed=LLVM_LDFLAGS");
 println!("cargo:rerun-if-env-changed=LLVM_VERSION");
- println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE");
+ println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_IN_USE");
 println!("cargo:rerun-if-env-changed=LIBAFL_ACCOUNTING_MAP_SIZE");
 println!("cargo:rerun-if-env-changed=LIBAFL_DDG_MAP_SIZE");
 println!("cargo:rerun-if-changed=src/common-llvm.h");
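Review bot: The libafl_cc/build.rs hunk at line 238 only renames the existing rerun trigger to `LIBAFL_EDGES_MAP_SIZE_IN_USE`, but the same build script now also reads `LIBAFL_EDGES_MAP_SIZE_MAX` through `option_env!` in its later hunk, so editing that variable leaves a stale generated `EDGES_MAP_SIZE_MAX` until something else forces a rebuild. Add `println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_MAX");` next to the renamed line. The last hunk of libafl_targets/build.rs has the same omission: it reads `LIBAFL_EDGES_MAP_SIZE_MAX` but prints only the `_IN_USE` trigger. `main` continues outside the hunk.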
@@ -311,10 +311,13 @@ pub const LIBAFL_CC_LLVM_VERSION: Option = None;
 };
 let mut cxxflags: Vec = cxxflags.split_whitespace().map(String::from).collect();
- let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
+ let edges_map_size_in_use: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
 .map_or(Ok(65_536), str::parse)
- .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
- cxxflags.push(format!("-DEDGES_MAP_SIZE={edges_map_size}"));
+ .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
+ let edges_map_size_max: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_MAX")
+ .map_or(Ok(2_621_440), str::parse)
+ .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
+ cxxflags.push(format!("-DEDGES_MAP_SIZE_IN_USE={edges_map_size_in_use}"));
 let acc_map_size: usize = option_env!("LIBAFL_ACCOUNTING_MAP_SIZE")
 .map_or(Ok(65_536), str::parse)
@@ -344,7 +347,9 @@ pub const LIBAFL_CC_LLVM_VERSION: Option = None;
 pub const CLANGXX_PATH: &str = {clangcpp:?};
 /// The default size of the edges map the fuzzer uses
- pub const EDGES_MAP_SIZE: usize = {edges_map_size};
+ pub const EDGES_MAP_SIZE_IN_USE: usize = {edges_map_size_in_use};
+ /// The real allocated size of the edges map
+ pub const EDGES_MAP_SIZE_MAX: usize = {edges_map_size_max};
 /// The size of the accounting maps
 pub const ACCOUNTING_MAP_SIZE: usize = {acc_map_size};
diff --git a/libafl_cc/src/cfg.rs b/libafl_cc/src/cfg.rs
index 5cb0176061..9c353ffa52 100644
--- a/libafl_cc/src/cfg.rs
+++ b/libafl_cc/src/cfg.rs
@@ -95,9 +95,9 @@ where
 /// Inserts an edge into CFG.
 #[must_use]
 pub fn new() -> Self {
- let map_size = option_env!("LIBAFL_EDGES_MAP_SIZE")
+ let map_size = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
 .map_or(Ok(65536), str::parse)
- .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+ .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
 Self {
 edges: (0..map_size).map(|_| None).collect(),
 func_to_entry_bb: HashMap::default(),
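Review bot: The `expect` on the newly added `edges_map_size_max` parse in libafl_cc/build.rs names the wrong variable, so a malformed `LIBAFL_EDGES_MAP_SIZE_MAX` panics with a message blaming `LIBAFL_EDGES_MAP_SIZE_IN_USE`; change it to `.expect("Could not parse LIBAFL_EDGES_MAP_SIZE_MAX");`. The default `2_621_440` also appears here as a bare literal while libafl_targets/build.rs gives it a name, and nothing ties the two defaults together, so a comment such as `// keep in sync with the default in libafl_targets/build.rs` would at least flag the coupling. The enclosing function starts and ends outside the hunk.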
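Review bot: The doc comment `/// Inserts an edge into CFG.` in the libafl_cc/src/cfg.rs hunk sits on `pub fn new() -> Self`, so it documents the wrong item; it should read something like `/// Creates an empty CFG whose edge table is sized by LIBAFL_EDGES_MAP_SIZE_IN_USE (default 65536).` This constructor also re-parses the environment variable with its own default (`65536`, written `65_536` in build.rs), which is the third copy of the same logic in this commit; if the generated `EDGES_MAP_SIZE_IN_USE` constant is reachable from this crate, sizing `edges` from it would remove the duplication, but I cannot see from here whether it is. `new` ends inside the hunk's context only partially; the `impl` block continues outside it.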
diff --git a/libafl_cc/src/ctx-pass.cc b/libafl_cc/src/ctx-pass.cc
index 3255331c72..9f70445e2f 100644
--- a/libafl_cc/src/ctx-pass.cc
+++ b/libafl_cc/src/ctx-pass.cc
@@ -64,7 +64,7 @@ using namespace llvm;
-#define MAP_SIZE EDGES_MAP_SIZE
+#define MAP_SIZE EDGES_MAP_SIZE_IN_USE
 namespace {
diff --git a/libafl_qemu/src/edges.rs b/libafl_qemu/src/edges.rs
index 810258fbb3..1b82d504c0 100644
--- a/libafl_qemu/src/edges.rs
+++ b/libafl_qemu/src/edges.rs
@@ -7,7 +7,7 @@ use libafl_qemu_sys::GuestAddr;
 use libafl_qemu_sys::GuestPhysAddr;
 pub use libafl_targets::{
 edges_map_mut_ptr, edges_map_mut_slice, edges_max_num, std_edges_map_observer, EDGES_MAP,
- EDGES_MAP_PTR, EDGES_MAP_PTR_NUM, EDGES_MAP_SIZE, MAX_EDGES_NUM,
+ EDGES_MAP_PTR, EDGES_MAP_PTR_NUM, EDGES_MAP_SIZE_IN_USE, MAX_EDGES_NUM,
 };
 use serde::{Deserialize, Serialize};
@@ -553,7 +553,7 @@ where
 match meta.map.entry((src, dest)) {
 Entry::Occupied(e) => {
 let id = *e.get();
- let nxt = (id as usize + 1) & (EDGES_MAP_SIZE - 1);
+ let nxt = (id as usize + 1) & (EDGES_MAP_SIZE_IN_USE - 1);
 unsafe {
 MAX_EDGES_NUM = max(MAX_EDGES_NUM, nxt);
 }
@@ -562,7 +562,7 @@ where
 Entry::Vacant(e) => {
 let id = meta.current_id;
 e.insert(id);
- meta.current_id = (id + 1) & (EDGES_MAP_SIZE as u64 - 1);
+ meta.current_id = (id + 1) & (EDGES_MAP_SIZE_IN_USE as u64 - 1);
 unsafe {
 MAX_EDGES_NUM = meta.current_id as usize;
 }
diff --git a/libafl_targets/build.rs b/libafl_targets/build.rs
index f067940b71..f2a4035a3a 100644
--- a/libafl_targets/build.rs
+++ b/libafl_targets/build.rs
@@ -2,6 +2,7 @@ use std::{env, fs::File, io::Write, path::Path};
+const TWO_MB: usize = 2_621_440;
 const SIXTY_FIVE_KB: usize = 65_536;
 #[rustversion::nightly]
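Review bot: Both libafl_qemu/src/edges.rs hunks wrap the edge id with `& (EDGES_MAP_SIZE_IN_USE - 1)`, which only behaves as a modulus when the size is a power of two; the build scripts in this commit accept any `usize` from `LIBAFL_EDGES_MAP_SIZE_IN_USE`, so a non-power-of-two value silently produces ids outside the intended range. A one-line precondition next to the mask, `debug_assert!(EDGES_MAP_SIZE_IN_USE.is_power_of_two());`, or better an `assert!(edges_map_size_in_use.is_power_of_two(), "LIBAFL_EDGES_MAP_SIZE_IN_USE must be a power of two");` in libafl_targets/build.rs where the value is parsed, would make the requirement explicit. The enclosing function starts and ends outside both hunks.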
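Review bot: `TWO_MB` in the libafl_targets/build.rs hunk is misnamed: `2_621_440` is 2560 KiB, i.e. 2.5 MiB, not 2 MB, and the name will mislead whoever next tunes the default. Name it for its purpose rather than its (wrong) magnitude, e.g. `const DEFAULT_EDGES_MAP_SIZE_MAX: usize = 2_621_440; // 2.5 MiB`, which also reads better at the `map_or(Ok(...), str::parse)` call site in the next hunk.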
@@ -24,9 +25,12 @@ fn main() {
 let dest_path = Path::new(&out_dir).join("constants.rs");
 let mut constants_file = File::create(dest_path).expect("Could not create file");
- let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
+ let edges_map_size_max: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_MAX")
+ .map_or(Ok(TWO_MB), str::parse)
+ .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_MAX");
+ let edges_map_size_in_use: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
 .map_or(Ok(SIXTY_FIVE_KB), str::parse)
- .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+ .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
 let cmp_map_size: usize = option_env!("LIBAFL_CMP_MAP_SIZE")
 .map_or(Ok(SIXTY_FIVE_KB), str::parse)
 .expect("Could not parse LIBAFL_CMP_MAP_SIZE");
@@ -48,7 +52,9 @@ fn main() {
 "// These constants are autogenerated by build.rs
 /// The default size of the edges map the fuzzer uses
- pub const EDGES_MAP_SIZE: usize = {edges_map_size};
+ pub const EDGES_MAP_SIZE_IN_USE: usize = {edges_map_size_in_use};
+ /// The real allocated size of the edges map
+ pub const EDGES_MAP_SIZE_MAX: usize = {edges_map_size_max};
 /// The size of the cmps map
 pub const CMP_MAP_SIZE: usize = {cmp_map_size};
 /// The width of the `CmpLog` map
@@ -63,7 +69,7 @@ fn main() {
 )
 .expect("Could not write file");
- println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE");
+ println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_IN_USE");
 println!("cargo:rerun-if-env-changed=LIBAFL_CMP_MAP_SIZE");
 println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_W");
 println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_H");
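Review bot: Nothing in the first libafl_targets/build.rs hunk checks that `edges_map_size_in_use` fits inside `edges_map_size_max`, yet the two now describe one buffer: coverage.rs in this commit allocates `__afl_area_ptr_local` with `EDGES_MAP_SIZE_MAX` bytes while exporting `__afl_map_size = EDGES_MAP_SIZE_IN_USE` as its size. Setting `LIBAFL_EDGES_MAP_SIZE_IN_USE` above `LIBAFL_EDGES_MAP_SIZE_MAX` therefore advertises more bytes than are backed, and any consumer that trusts `__afl_map_size` would presumably read or write past the array. Fail the build instead: `assert!(edges_map_size_in_use <= edges_map_size_max, "LIBAFL_EDGES_MAP_SIZE_IN_USE must not exceed LIBAFL_EDGES_MAP_SIZE_MAX");` right after the two parses; the same check belongs in libafl_cc/build.rs, which parses both values independently. `main` continues outside the hunk.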
@@ -152,7 +158,10 @@ fn main() {
 cc::Build::new()
 .file(src_dir.join("coverage.c"))
- .define("EDGES_MAP_SIZE", Some(&*format!("{edges_map_size}")))
+ .define(
+ "EDGES_MAP_SIZE_MAX",
+ Some(&*format!("{edges_map_size_max}")),
+ )
 .define("ACCOUNTING_MAP_SIZE", Some(&*format!("{acc_map_size}")))
 .define("DDG_MAP_SIZE", Some(&*format!("{ddg_map_size}")))
 .compile("coverage");
diff --git a/libafl_targets/src/coverage.c b/libafl_targets/src/coverage.c
index a0175739bf..727d5e1567 100644
--- a/libafl_targets/src/coverage.c
+++ b/libafl_targets/src/coverage.c
@@ -8,7 +8,7 @@ typedef uint32_t prev_loc_t;
 /* Maximum K for top-K context sensitivity */
 #define CTX_MAX_K 32U
-extern uint8_t __afl_area_ptr_local[EDGES_MAP_SIZE];
+extern uint8_t __afl_area_ptr_local[EDGES_MAP_SIZE_MAX];
 uint8_t *__afl_area_ptr = __afl_area_ptr_local;
 extern uint8_t __ddg_area_ptr_local[DDG_MAP_SIZE];
diff --git a/libafl_targets/src/coverage.rs b/libafl_targets/src/coverage.rs
index 152997f5cd..28fa7c1823 100644
--- a/libafl_targets/src/coverage.rs
+++ b/libafl_targets/src/coverage.rs
@@ -5,11 +5,11 @@ use alloc::string::String;
 #[cfg(any(target_os = "linux", target_vendor = "apple"))]
 use libafl::{mutators::Tokens, Error};
-use crate::{ACCOUNTING_MAP_SIZE, DDG_MAP_SIZE, EDGES_MAP_SIZE};
+use crate::{ACCOUNTING_MAP_SIZE, DDG_MAP_SIZE, EDGES_MAP_SIZE_IN_USE, EDGES_MAP_SIZE_MAX};
 /// The map for edges.
 #[no_mangle]
-pub static mut __afl_area_ptr_local: [u8; EDGES_MAP_SIZE] = [0; EDGES_MAP_SIZE];
+pub static mut __afl_area_ptr_local: [u8; EDGES_MAP_SIZE_MAX] = [0; EDGES_MAP_SIZE_MAX];
 pub use __afl_area_ptr_local as EDGES_MAP;
 /// The map for data dependency
@@ -62,7 +62,7 @@ pub fn autotokens() -> Result {
 /// The size of the map for edges.
 #[no_mangle]
-pub static mut __afl_map_size: usize = EDGES_MAP_SIZE;
+pub static mut __afl_map_size: usize = EDGES_MAP_SIZE_IN_USE;
 pub use __afl_map_size as EDGES_MAP_PTR_NUM;
 use libafl::observers::StdMapObserver;
 use libafl_bolts::ownedref::OwnedMutSlice;
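Review bot: With two sizes in play, the doc comments in the libafl_targets/src/coverage.rs hunks no longer say which one they mean: `/// The map for edges.` now sits on a buffer of `EDGES_MAP_SIZE_MAX` bytes, and `/// The size of the map for edges.` on `__afl_map_size`, which is initialised to the smaller `EDGES_MAP_SIZE_IN_USE`. Make the relationship explicit at the point of use, e.g. `/// Backing storage for the edges map; only the first `__afl_map_size` bytes are in use.` on the array and `/// Number of bytes of `EDGES_MAP` currently in use (`EDGES_MAP_SIZE_IN_USE`); never larger than the array.` on the size. The `#[no_mangle]` statics are consumed from C (coverage.c declares the array as `extern`), so the comment is the only place the invariant is visible on the Rust side.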
diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs
index 8cfcb7e4d9..e27cc1abc0 100644
--- a/libafl_targets/src/sancov_pcguard.rs
+++ b/libafl_targets/src/sancov_pcguard.rs
@@ -14,14 +14,13 @@ use libafl::executors::{hooks::ExecutorHook, HasObservers};
 feature = "sancov_pcguard_hitcounts",
 feature = "sancov_ctx",
 feature = "sancov_ngram4",
- feature = "sancov_ngram8",
 ))]
 use crate::coverage::EDGES_MAP;
 use crate::coverage::MAX_EDGES_NUM;
 #[cfg(feature = "pointer_maps")]
 use crate::coverage::{EDGES_MAP_PTR, EDGES_MAP_PTR_NUM};
 #[cfg(feature = "sancov_ngram4")]
-use crate::EDGES_MAP_SIZE;
+use crate::EDGES_MAP_SIZE_IN_USE;
 #[cfg(all(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 #[cfg(not(any(doc, feature = "clippy")))]
@@ -190,7 +189,7 @@ unsafe fn update_ngram(pos: usize) -> usize {
 PREV_ARRAY_8.as_mut_array()[0] = pos as u32;
 reduced = PREV_ARRAY_8.reduce_xor() as usize;
 }
- reduced %= EDGES_MAP_SIZE;
+ reduced %= EDGES_MAP_SIZE_IN_USE;
 reduced
 }
@@ -219,13 +218,13 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) {
 #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
 {
 pos = update_ngram(pos);
- // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);
+ // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);
 }
 #[cfg(feature = "sancov_ctx")]
 {
 pos ^= __afl_prev_ctx as usize;
- // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);
+ // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);
 }
 #[cfg(feature = "pointer_maps")]
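Review bot: The renamed import `use crate::EDGES_MAP_SIZE_IN_USE;` in the first sancov_pcguard.rs hunk is still gated on `feature = "sancov_ngram4"` only, while the name is used in `update_ngram` (second hunk), which the third hunk calls under `any(feature = "sancov_ngram4", feature = "sancov_ngram8")`; unless `update_ngram` itself is gated on ngram4, a build with only `sancov_ngram8` presumably fails to resolve the constant. Widening the gate to `#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]` would match the call site. The same hunk also drops `feature = "sancov_ngram8"` from the `EDGES_MAP` import gate without saying why; a short comment on the `#[cfg(any(...))]` listing which paths write `EDGES_MAP` would let the next reader check the feature matrix without rebuilding every combination.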
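Review bot: The third sancov_pcguard.rs hunk updates two commented-out debug lines, `// println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);`, instead of removing them; commented-out code in a hot instrumentation callback is noise, and a rename that has to maintain dead code is a sign it should go. Delete both lines, or if a trace hook is genuinely wanted, put it behind a dedicated feature or `log::trace!` so it does not rot. `__sanitizer_cov_trace_pc_guard` continues outside the hunk.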
@@ -282,7 +281,7 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard_init(mut start: *mut u32
 #[cfg(not(feature = "pointer_maps"))]
 {
 MAX_EDGES_NUM = MAX_EDGES_NUM.wrapping_add(1);
- assert!((MAX_EDGES_NUM <= EDGES_MAP.len()), "The number of edges reported by SanitizerCoverage exceed the size of the edges map ({}). Use the LIBAFL_EDGES_MAP_SIZE env to increase it at compile time.", EDGES_MAP.len());
+ assert!((MAX_EDGES_NUM <= EDGES_MAP.len()), "The number of edges reported by SanitizerCoverage exceed the size of the edges map ({}). Use the LIBAFL_EDGES_MAP_SIZE_IN_USE env to increase it at compile time.", EDGES_MAP.len());
 }
 }
 }
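Review bot: The assert's bound and its advice now disagree: `EDGES_MAP.len()` is `EDGES_MAP_SIZE_MAX` after the coverage.rs hunk in this commit, but the message tells the user to raise `LIBAFL_EDGES_MAP_SIZE_IN_USE`, which no longer changes `EDGES_MAP.len()` at all. Either compare against the size actually observed, `assert!(MAX_EDGES_NUM <= EDGES_MAP_SIZE_IN_USE, "The number of edges reported by SanitizerCoverage exceeds the size of the edges map in use ({}). Use the LIBAFL_EDGES_MAP_SIZE_IN_USE env to increase it at compile time.", EDGES_MAP_SIZE_IN_USE);`, or keep the comparison and point the message at `LIBAFL_EDGES_MAP_SIZE_MAX`; the former seems right, since guards that land between the in-use size and the allocated size would presumably be written but never observed. Whichever is chosen, `exceed` should be `exceeds`. `__sanitizer_cov_trace_pc_guard_init` starts outside the hunk.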